
Really really bad malware issue


#1
Anton Friedman

Hi, I've got a malware issue. How I ended up with it in my system is simple:

 

I was looking for cheat codes on the web, then I looked for trainer programmes. One site that came up was called newpc.com. The actual file I downloaded has 'mysteriously' disappeared. But it was located, more or less, at this download point on the site: x-com-2-trainer-9.

 

I'm too scared to go back to that site to investigate further - I don't have the geek knowledge to risk it. I've run a couple of anti-malware programmes, downloading them into my documents folder, but they don't seem to be there anymore. There's been weird activity such as:

 

1) A window that dims everything on screen except for it, and refers to the current programme I'm using as follows, and this isn't exactly the language, "Many people who use Chrome also use the following programmes. 'Something something' would you like to install them?" There's no exit or cancel key, just a 'next'. I close the programme by hitting the 'x' on the window. "Are you sure you want to quit?" Yes, I frigging am. Especially when it opens while I'm playing Star Wars: Battlefront, and it minimises the game just to try to convince me to add more malware onto my system.

 

2) A weird Japanese or Chinese alphabet based programme that loads when I start up my computer, and features some sort of small round circle on my desktop with a rocket ship. If I click on it, the rocket ship flies off the circle and up my desktop. It's a mission to close it, and one of the key images in this app is a penguin with a red scarf. 

 

3) RegClean Pro, which automatically decides to scan my computer for "registry issues" and tries to convince me to buy it when I try and close it. It even installed an icon on my desktop. 

 

4) It forces my browser to open on 'yoursearch', a web search engine.

 

I've attached the files.


#2
RKinner


FRST says you should uninstall the following if you can:

 

AnySend (HKLM-x32\...\ASPackage) (Version:  - CMI Limited) <==== ATTENTION

PriceSparrow (HKLM-x32\...\{2A965DDC-C64C-4562-862B-5EE487A7DEFC}) (Version: 1.4.42 - Adspired GmbH) <==== ATTENTION

RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - systweak.com) <==== ATTENTION

Satellite Comma (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Satellite Comma) <==== ATTENTION

YTD Video Downloader 4.9.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9.2 - GreenTree Applications SRL) <==== ATTENTION
电脑管家11.3 (HKLM-x32\...\QQPCMgr) (Version: 11.3.17201.218 - 腾讯科技(深圳)有限公司) <==== ATTENTION
 
Then let's remove all that's left:
 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix (PC will reboot)
A fixlog will be generated in the same folder where FRST lives; please post that. (Post the logs as you get them. Multiple posts are fine.)
 

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run FRST and make sure the Addition.txt box is checked then SCAN. You will get two logs. Post both.

Tonight let AVAST do a boot-time scan while you sleep. Please follow these instructions. If they don't seem right you have an older version of Avast so please update.

Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan. Then at the bottom of the page click on Scan Settings.

Make sure both boxes are checked and click on the gray box to the right of the orange ones. It should turn orange. Change where it says "Fix Automatically" to "Move to Chest." OK. Now click on Start and then close Avast. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start. It will tell you where it saves its log. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. This is a hidden location so you will need to tell Windows to let you see it:

Copy and paste the text from the log to a Reply when done.
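
An added example, not part of RKinner's reply and not FRST's own code: a small Python parser for installed-program lines in the shape quoted in the reply above, separating the entries marked `<==== ATTENTION` from the rest. The line grammar is an assumption inferred only from the lines quoted in this thread; the first three sample lines are copied from the reply and the last one is constructed.

```python
import re
from typing import NamedTuple

# Assumed line shape, inferred from the lines quoted in the thread:
#   Name (HIVE\...\UninstallKey) (Version: X - Publisher) <==== ATTENTION
# Names and publishers may themselves contain parentheses, so the pattern
# anchors on the "(HK..." hive prefix and on the end of the line.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK[A-Z]+(?:-x32)?)\\(?P<key>.+?)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<flag>\s*<==== ATTENTION)?\s*$"
)

class Entry(NamedTuple):
    name: str
    hive: str
    key: str
    version: str      # may be empty, as in the AnySend line
    publisher: str
    flagged: bool     # True when the scanner appended <==== ATTENTION

def parse_entries(text):
    """Return an Entry for every line matching the shape; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["name"], m["hive"], m["key"],
                                 m["version"].strip(), m["publisher"].strip(),
                                 m["flag"] is not None))
    return entries

def flagged(text):
    """Only the entries the scanner marked for attention."""
    return [e for e in parse_entries(text) if e.flagged]

# First three lines are from the reply above; the last line is constructed.
SAMPLE = r"""
AnySend (HKLM-x32\...\ASPackage) (Version:  - CMI Limited) <==== ATTENTION
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - systweak.com) <==== ATTENTION
电脑管家11.3 (HKLM-x32\...\QQPCMgr) (Version: 11.3.17201.218 - 腾讯科技(深圳)有限公司) <==== ATTENTION
Example Editor (x64) (HKLM\...\ExampleEditor) (Version: 2.0 - Example Corp)
"""

if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(f"{e.name:<14} {e.version or '(none)':<16} {e.publisher}")
```
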
     
